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8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 
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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on October 
6, 2008 has been entered. 

2. Claims 1, 9, 12, 14, 15, 17, 18, 21-23, 26, 34, and 36-38 have been amended, 
and claim 16 has been canceled. Claims 1-15 and 17-38 are pending. 

Response to Arguments 

3. Applicant's arguments filed October 6, 2008 have been fully considered but they 
are moot in view of the new grounds of rejection. 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 26-38 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Claims 26-38 recite a computer program 
product, which as described in the specification summary is intended to include a signal 
embodied on a carrier wave. This does not fall into one of the four statutory classes of 
invention, and thus is intended to cover non-statutory subject matter. 
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Claim Rejections - 35 USC §112 

6. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claims 9-14 and 34-38 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

8. Claims 9 and 34 each recite the policy digest identifies an invalid policy. This is 
unclear since 1 ) the policy is sent from the host to the client, 2) the policy digest is sent 
which identifies assertions of that policy that the client is complying with. Are the claims 
implying that the host might have sent an invalid policy? Otherwise, the claim appears 
to state the policy digest identifies assertions that the client complies with, of the sent 
(valid) policy, while also identifying an invalid policy. It is suggested that these claims 
should state something similar to claim 18, that the policy digest identifies assertions 
that are invalid. Claims 10-14 and 35-38 incorporate these limitations by dependency. 

Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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10. Claims 1, 3, 6-13, 26, 28, & 31 -37 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Knouse et al., US 7,185,364 B2, herein "Knouse". 

11. As to claims 1 , 9, 26, and 34, Knouse discloses a method and computer program 
product for sending a policy (cookie) from a host and receiving it at a client, which 
includes assertions for the client to comply with to access host resources (col. 2 lines 
28-30, col. 2 line 65 to col. 3 line 17, and col. 22 lines 57-64), cached at the client (col. 
23 lines 13-15), determining the client is complying with at least one assertion, 
generating a policy digest identifying it, sending a message to the host including the 
policy digest and extracting it (col. 22 lines 19-36, and col. 22 line 64 to col. 23 line 12, 
where a cookie at a client sent to the host indicates whether it has authorization to 
access resources that have associated authentication rules/levels that must be 
complied with by the client), and denying access to the resource if the digest identifies 
an invalid policy (to the extent understood, see 35 USC 112 rejection above; see col. 23 
lines 20- 62 which show steps for authenticating and the denial of access if 
authentication fails). 

12. As to claims 3 and 28, Knouse further discloses generating the policy digest 
includes encoding a bit vector identifying selected assertions from the cached policy 
(since any data byte or word from the client to the host may be considered a bit vector 
to the extent claimed, and includes responses to the authentication challenge and thus 
identity of assertions as recited). 



Application/Control Number: 10/783,776 Page 5 

Art Unit: 2188 

1 3. As to claims 6, 7, 31 and 32, Knouse further discloses incrementing a counter 
each time the cached policy is used; and removing the cached policy from a cache at 
the client when the counter exceeds a limit value, which would also apply when a fault is 
received at the client in response to using the policy (col. 35, lines 27-34, where a 
cookie becomes invalid after a time period, the time counted by a clock to the extent 
claimed, the invalidity of the cookie requiring a removal and replacement of the cookie 
at the client). 

14. As to claims 8 and 33, Knouse further discloses logging a diagnostic event when 
a fault is received at the client to identify a system problem (col. 23 lines 40-43). 

1 5. As to claim 1 0, Knouse further discloses issuing a fault for the client if the policy 
digest identifies an invalid policy (since denial of access may be considered issuing a 
fault for the client). 

16. As to claims 1 1 , 1 2, 35, and 36, Knouse further discloses decoding the policy 
digest or a bit vector of the policy (since the message sent, i.e., the cookie, must 
somehow be decoded to be read and understood at the host). 

1 7. As to claims 1 3 and 37, Knouse further discloses reading an assertion from the 
policy digest (since any of the requirements of the authentication, i.e., the assertions, 
must be read to be satisfied in the cookie authentication). 

Claim Rejections - 35 USC § 103 

18. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

19. Claims 2, 5, 14, 27, 30 & 38 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Knouse, and further in view of Atkinson et al., US 6,519,764, herein 
"Atkinson". 

20. Knouse does not expressly disclose generating or using a hash of the policy 
digest. However, Atkinson discloses a hash as claimed by applicant: 

21 . As to claim 2, Atkinson further discloses generating the policy digest includes 
generating a hash of the cached policy (col. 11, lines 17-23 & col. 28, lines 39-63). 

22. Knouse and Atkinson are analogous art because they are from similar problem 
solving areas: data object identification to distinguish appropriate resources. At the 
time of invention, it would have been obvious to a person of ordinary skill in the art to 
apply the hashing functions, taught by Atkinson, with the cache policy system taught by 
Knouse. The suggestion/motivation for doing so would have been to bind source 
information to a meaningful moniker which encapsulates the referenced data, as 
disclosed by Atkinson in col. 9, lines 1-6. The benefit of such information binding is to 
reduce confusion between different policies or subsequent versions of similar policies. 

23. As to claims 5, 14, 27, 30, and 38, Atkinson further discloses generating the 
policy digest includes generating a row hash of the cached policy if the cached policy is 
normalized, and reading a row hash of the cached policy (col. 11, lines 17-23 & col. 28, 
lines 39-63). 
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Allowable Subject Matter 

24. Claims 15-25 are allowed. 

25. Claims 4 and 29 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims, and amended to overcome any other non-art 
rejections including those under 35 USC 101 and 112. 

Conclusion 

26. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Gary J. Portka whose telephone number is (571) 272- 
421 1 . The examiner can normally be reached on M-F 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hyung Sough can be reached on (571) 272-6799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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/Gary J Portka/ 

Primary Examiner, Art Unit 2188 
December 16, 2008 



